
<p></p><div>@<a href="http://twitter.com/caolan">Caolan</a> has <a href="http://twitter.com/caolan/status/124159155190763520">suggested</a> cryptico.js for CouchApps, so I've asked the good folks at the @<a href="http://twitter.com/liberationtech">liberationtech</a> mailing list for their opinion about it. Here's the reply I got from Steve Weis:<br>
<blockquote>There are good reasons not to use JavaScript crypto in general:<div><a href="http://www.matasano.com/articles/javascript-cryptography/" target="_blank">http://www.matasano.com/articles/javascript-cryptography/</a></div><div><a href="http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/" target="_blank">http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/</a></div><div><br></div><div>Regardless, I wouldn't trust Cryptico because its
underlying implementations are all written from scratch and I have no
idea if any of them are safe. Quickly scanning through their code, I see
some questionable practices.</div><div><br></div><div>For example, they are seeding randomness from the time of day:</div><div><a href="https://code.google.com/p/cryptico/source/browse/trunk/random.js#376" target="_blank">https://code.google.com/p/cryptico/source/browse/trunk/random.js#376</a></div><div><br></div><div>And the "signature" is just a hash and is on the plaintext, rather than ciphertext:</div><div><a href="https://code.google.com/p/cryptico/source/browse/trunk/cryptico.js#3487" target="_blank">https://code.google.com/p/cryptico/source/browse/trunk/cryptico.js#3487</a><br></div></blockquote>
What I understand from this is:<br>
<ul><li><i>Client-side</i> JS crypto is bound to fail, no matter how you implement it.</li><li><i>Server-side</i> crypto could <i>theoretically</i> work, but cryptico.js <i>specifically</i> is a bad implementation, and according to <a href="http://rdist.root.org/2010/11/29/final-post-on-javascript-crypto/">Nate Lawson's post</a>, <i>all</i> existing implementations are "specifically bad" (except for <a href="http://crypto.stanford.edu/sjcl/">SJCL</a>, which <i>might</i> not be bad, but doesn't do asymmetric crypto anyway).</li></ul>
If we're talking server-side only (e.g. for verifying the authenticity of documents arriving via replication), I think this should be part of the CouchDB platform itself (or at least a plugin):<br>
<ul><li>We should use a library that is peer-reviewed and maintained by cryptographers, which implies <i>not</i> doing it in JavaScript.<br></li><li>Doing it at the CouchDB level would mean reviewing and maintaining the code at a single point rather than per CouchApp (worse than herding cats).</li></ul></div>
<p></p>
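<p>The quoted reply's point that a bare hash is not a signature, applied to the server-side case of checking replicated documents. This is an added example, not code from the post or from cryptico.js; it assumes Node.js and its built-in <code>crypto</code> module, and the sample documents and function names are constructed for illustration.</p>

```javascript
// Added example: bare hash vs. a real signature over a replicated document.
const crypto = require('node:crypto');

// Constructed sample documents, standing in for ones arriving via replication.
const doc = JSON.stringify({ _id: 'invoice-42', amount: 100, payee: 'alice' });
const tampered = JSON.stringify({ _id: 'invoice-42', amount: 9000, payee: 'mallory' });

// Weak scheme: the "signature" is only a hash of the plaintext.
function hashTag(message) {
  return crypto.createHash('sha256').update(message).digest('hex');
}

function verifyHashTag(message, tag) {
  const expected = Buffer.from(hashTag(message), 'hex');
  const given = Buffer.from(tag, 'hex');
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Real signature (Ed25519): only the private-key holder can produce it.
function signDoc(message, privateKey) {
  return crypto.sign(null, Buffer.from(message), privateKey);
}

function verifyDoc(message, signature, publicKey) {
  return crypto.verify(null, Buffer.from(message), publicKey, signature);
}

function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const sig = signDoc(doc, privateKey);
  // Whoever rewrites the document can also recompute its hash; no key is needed.
  const recomputedTag = hashTag(tampered);
  return {
    hashAcceptsTampered: verifyHashTag(tampered, recomputedTag),
    sigAcceptsOriginal: verifyDoc(doc, sig, publicKey),
    sigAcceptsTampered: verifyDoc(tampered, sig, publicKey),
  };
}

console.log(demo());
```

<p>The hash check accepts the altered document because the tag carries no secret, while the Ed25519 signature made over the original fails to verify against it.</p>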